CAS-004 Exam Details

  • Exam Code: CAS-004
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 792 Q&As
  • Last Updated: May 28, 2026

CompTIA CAS-004 Online Questions & Answers

  • Question 371:

    Over the last 90 days, many storage services have been exposed in the cloud services environments, and the security team does not have the ability to see who is creating these instances. Shadow IT is creating data services and instances faster than the small security team can keep up with them. The Chief Information Security Officer (CISO) has asked the security lead architect to recommend solutions to this problem.

    Which of the following BEST addresses the problem with the least amount of administrative effort?

    A. Compile a list of firewall requests and compare them against interesting cloud services.
    B. Implement a CASB solution and track cloud service use cases for greater visibility.
    C. Implement a user-behavior system to associate user events and cloud service creation events.
    D. Capture all logs and feed them to a SIEM and then for cloud service events

  • Question 372:

    A systems administrator is preparing to run a vulnerability scan on a set of information systems in the organization. The systems administrator wants to ensure that the targeted systems produce accurate information, especially regarding configuration settings.

    Which of the following scan types will provide the systems administrator with the MOST accurate information?

    A. A passive, credentialed scan
    B. A passive, non-credentialed scan
    C. An active, non-credentialed scan
    D. An active, credentialed scan

  • Question 373:

    A managed security provider (MSP) is engaging with a customer who is working through a complete digital transformation. Part of this transformation involves a move to cloud servers to ensure a scalable, high-performance, online user experience. The current architecture includes:

    1. Directory servers
    2. Web servers
    3. Database servers
    4. Load balancers
    5. Cloud-native VPN concentrator
    6. Remote access server

    The MSP must secure this environment similarly to the infrastructure on premises. Which of the following should the MSP put in place to BEST meet this objective? (Choose three.)

    A. Content delivery network
    B. Virtual next-generation firewall
    C. Web application firewall
    D. Software-defined WAN
    E. External vulnerability scans
    F. Containers

  • Question 374:

    A security engineer would like to control configurations on mobile devices while fulfilling the following requirements:

    1. Support and control Apple and Android devices.

    2. The device must be corporate-owned.

    Which of the following would enable the engineer to meet these requirements? (Choose two.)

    A. Create a group policy to lock down mobile devices.
    B. Update verbiage in the acceptable use policy for the internet.
    C. Implement an MDM solution.
    D. Implement a captive portal solution.
    E. Update policy to prohibit the use of BYOD devices.
    F. Implement a RADIUS solution.

  • Question 375:

    Ann, a CIRT member, is conducting incident response activities on a network that consists of several hundred virtual servers and thousands of endpoints and users. The network generates more than 10,000 log messages per second. The enterprise belongs to a large, web-based cryptocurrency startup. Ann has distilled the relevant information into an easily digestible report for executive management. However, she still needs to collect evidence of the intrusion that caused the incident. Which of the following should Ann use to gather the required information?

    A. Traffic interceptor log analysis
    B. Log reduction and visualization tools
    C. Proof of work analysis
    D. Ledger analysis software

  • Question 376:

    In comparison to other types of alternative processing sites that may be invoked as a part of disaster recovery, cold sites are different because they:

    A. have basic utility coverage, including power and water.
    B. provide workstations and read-only domain controllers.
    C. are generally the least costly to sustain.
    D. are the quickest way to restore business.
    E. are geographically separated from the company's primary facilities.

  • Question 377:

    Immediately following the report of a potential breach, a security engineer creates a forensic image of the server in question as part of the organization's incident response procedure. Which of the following must occur to ensure the integrity of the image?

    A. The image must be password protected against changes.
    B. A hash value of the image must be computed.
    C. The disk containing the image must be placed in a sealed container.
    D. A duplicate copy of the image must be maintained.

  • Question 378:

    An administrator wants to ensure hard drives cannot be removed from hosts and then installed into and read by unauthorized hosts. Which of the following techniques would BEST support this?

    A. Access control lists
    B. TACACS+ server for AAA
    C. File-level encryption
    D. TPM with sealed storage

  • Question 379:

    A recent security assessment generated a recommendation to transition Wi-Fi to WPA2/WPA3 Enterprise requiring EAP-TLS.

    Which of the following conditions must be met for the organization's mobile devices to be able to successfully join the corporate wireless network?

    A. Client computer X.509 certificates have been installed.
    B. Supplicants are configured to provide a 64-bit authenticator.
    C. A hardware TOTP token has been issued to mobile users.
    D. The device's IPSec configuration matches the VPN concentrator.

  • Question 380:

    A company wants to improve its active protection capabilities against unknown and zero-day malware. Which of the following is the MOST secure solution?

    A. NIDS
    B. Application allow list
    C. Sandbox detonation
    D. Endpoint log collection
    E. HIDS
